Alerts

class py42.modules.alerts.AlertsModule(microservice_client_factory, alert_rules_module=None)
    Bases: object

    get_details(alert_ids, tenant_id=None)
        Gets the details for the alerts with the given IDs, including the file event query that, when passed into a search, would result in events that could have triggered the alerts.

        Parameters:
            alert_ids (iter[str]) – The identification numbers of the alerts for which you want to get details.
            tenant_id (str, optional) – The unique identifier of the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
        Returns:
            A response containing the alert details.
        Return type:

    reopen(alert_ids, tenant_id=None, reason=None)
        Reopens the resolved alerts with the given IDs.

        Parameters:
            alert_ids (iter[str]) – The identification numbers for the alerts to reopen.
            tenant_id (str, optional) – The unique identifier for the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
            reason (str, optional) – The reason the alerts are reopened. Defaults to None.
        Returns:

    resolve(alert_ids, tenant_id=None, reason=None)
        Resolves the alerts with the given IDs.

        Parameters:
            alert_ids (iter[str]) – The identification numbers for the alerts to resolve.
            tenant_id (str, optional) – The unique identifier for the tenant that the alerts belong to. When given None, it uses the currently logged in user’s tenant ID. Defaults to None.
            reason (str, optional) – The reason the alerts are now resolved. Defaults to None.
        Returns:

    property rules
        A collection of methods for managing alert rules.

    search(query)
        Searches alerts using the given py42.sdk.queries.alerts.alert_query.AlertQuery.

        Parameters:
            query (py42.sdk.queries.alerts.alert_query.AlertQuery) – An alert query. See the Executing Searches User Guide to learn more about how to construct a query.
        Returns:
            A response containing the alerts that match the given query.
        Return type:
class py42.sdk.queries.alerts.alert_query.AlertQuery(*args, **kwargs)
    Bases: py42.sdk.queries.BaseQuery

    Helper class for building Code42 Alert queries.

    An AlertQuery instance’s all() and any() take one or more FilterGroup objects to construct a query that can be passed to the AlertClient.search() method. all() returns results that match all of the provided filter criteria, any() will return results that match any of the filters. For convenience, the AlertQuery constructor does the same as all().

    Usage example:

        state_filter = AlertState.eq(AlertState.OPEN)
        rule_name_filter = RuleName.contains("EmailRule")
        query = AlertQuery.all(state_filter, rule_name_filter)
Filter Classes

The following classes construct filters for file event queries. Each filter class corresponds to an alert detail.

Call the appropriate classmethod on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to AlertQuery’s all() or any() methods to create complex queries that match multiple filter rules.

See Executing Searches for more on building search queries.
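The following is an added, self-contained illustration of the composition rule described above and in the AlertQuery section; it is not py42's own code. It models the four string builders the page lists (eq, is_in, not_eq, not_in), the DateObserved timestamp builders, and AlertQuery.all()/any(), then applies a built query to constructed sample alerts so the AND/OR semantics can be checked locally. The field term names ("actor", "name", "state", ...), the operator names, the JSON layout emitted by __str__, the sample alert records and the local search() function (a stand-in for AlertsModule.search(), which would send the query to the Code42 service) are all assumptions made for this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Operators this model understands; the names are assumptions, not py42's wire values.
_OPS = {"IS": lambda actual, v: actual == v,
        "IS_NOT": lambda actual, v: actual != v,
        "ON_OR_AFTER": lambda actual, v: actual is not None and actual >= v,
        "ON_OR_BEFORE": lambda actual, v: actual is not None and actual <= v}


class FilterGroup:
    """One clause: (term, operator, value) filters joined by AND or OR."""
    def __init__(self, filters, clause="AND"):
        self.filters, self.clause = filters, clause

    def matches(self, alert):
        hits = [_OPS[op](alert.get(term), v) for term, op, v in self.filters]
        return all(hits) if self.clause == "AND" else any(hits)

    def to_dict(self):  # JSON layout is an assumption made for this example
        return {"filterClause": self.clause,
                "filters": [{"term": t, "operator": op,
                             "value": v.isoformat() if isinstance(v, datetime) else v}
                            for t, op, v in self.filters]}


class _StringField:
    """eq/not_eq/is_in/not_in builders shared by the string-valued filter classes."""
    term = None  # each subclass names the alert field it filters on (assumed names)

    @classmethod
    def eq(cls, value):
        return FilterGroup([(cls.term, "IS", value)])

    @classmethod
    def not_eq(cls, value):
        return FilterGroup([(cls.term, "IS_NOT", value)])

    @classmethod
    def is_in(cls, value_list):  # membership: OR over one IS filter per value
        return FilterGroup([(cls.term, "IS", v) for v in value_list], "OR")

    @classmethod
    def not_in(cls, value_list):  # exclusion: AND over one IS_NOT filter per value
        return FilterGroup([(cls.term, "IS_NOT", v) for v in value_list], "AND")


class Actor(_StringField): term = "actor"
class RuleName(_StringField): term = "name"
class Description(_StringField): term = "description"
class Severity(_StringField): term, HIGH, MEDIUM, LOW = "severity", "HIGH", "MEDIUM", "LOW"
class AlertState(_StringField): term, OPEN, DISMISSED = "state", "OPEN", "DISMISSED"


class DateObserved:
    """Timestamp filter; values are timezone-aware datetimes in this model."""
    term = "createdAt"

    @classmethod
    def on_or_after(cls, value):
        return FilterGroup([(cls.term, "ON_OR_AFTER", value)])

    @classmethod
    def on_or_before(cls, value):
        return FilterGroup([(cls.term, "ON_OR_BEFORE", value)])

    @classmethod
    def in_range(cls, start_value, end_value):
        return FilterGroup([(cls.term, "ON_OR_AFTER", start_value),
                            (cls.term, "ON_OR_BEFORE", end_value)])

    @classmethod
    def on_same_day(cls, value):  # the whole calendar day that contains value
        start = value.replace(hour=0, minute=0, second=0, microsecond=0)
        return cls.in_range(start, start + timedelta(days=1, microseconds=-1))


class AlertQuery:
    """all() ANDs its FilterGroups, any() ORs them; the constructor behaves like all()."""
    def __init__(self, *groups, group_clause="AND"):
        self.groups, self.group_clause = list(groups), group_clause

    @classmethod
    def all(cls, *groups):
        return cls(*groups, group_clause="AND")

    @classmethod
    def any(cls, *groups):
        return cls(*groups, group_clause="OR")

    def matches(self, alert):
        hits = [g.matches(alert) for g in self.groups]
        return all(hits) if self.group_clause == "AND" else any(hits)

    def __str__(self):  # the JSON body a search call would carry
        return json.dumps({"groupClause": self.group_clause,
                           "groups": [g.to_dict() for g in self.groups]}, sort_keys=True)


UTC = timezone.utc
SAMPLE_ALERTS = [  # constructed records for this example, not real Code42 data
    {"id": "a1", "state": "OPEN", "severity": "HIGH", "name": "EmailRule",
     "actor": "alice@example.com", "createdAt": datetime(2021, 3, 1, 9, tzinfo=UTC)},
    {"id": "a2", "state": "DISMISSED", "severity": "HIGH", "name": "EmailRule",
     "actor": "bob@example.com", "createdAt": datetime(2021, 3, 1, 17, tzinfo=UTC)},
    {"id": "a3", "state": "OPEN", "severity": "LOW", "name": "USBRule",
     "actor": "alice@example.com", "createdAt": datetime(2021, 3, 2, 8, tzinfo=UTC)},
]


def search(query, alerts=SAMPLE_ALERTS):
    """Local stand-in for AlertsModule.search(): IDs of the alerts the query matches."""
    return [a["id"] for a in alerts if query.matches(a)]


if __name__ == "__main__":
    query = AlertQuery.all(AlertState.eq(AlertState.OPEN), RuleName.eq("EmailRule"))
    print(query)
    print(search(query))  # ['a1']
```

Two points the model makes visible: is_in() yields a group whose inner clause is OR (one IS filter per value), whereas not_in() yields an AND of IS_NOT filters, which is why a single is_in() or not_in() call is already a complete FilterGroup; and all() versus any() only changes the clause that joins the groups, so the same FilterGroup objects can be reused in either kind of query.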
class py42.sdk.queries.alerts.filters.alert_filter.DateObserved
    Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField

    Class that filters alerts based on the timestamp the alert was triggered.

    classmethod in_range(start_value, end_value)
        Returns a FilterGroup to find events where the filter timestamp is in range between the provided start_value and end_value.

    classmethod on_or_after(value)
        Returns a FilterGroup to find events where the filter timestamp is on or after the provided value.

    classmethod on_or_before(value)
        Returns a FilterGroup to find events where the filter timestamp is on or before the provided value.

    classmethod on_same_day(value)
        Returns a FilterGroup to find events where the filter timestamp is within the same calendar day as the provided value.
class py42.sdk.queries.alerts.filters.alert_filter.Actor
    Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

    Class that filters alerts based on the username that originated the event(s) that triggered the alert.

    classmethod eq(value)
        Returns a FilterGroup to find events where the filter equals the provided value.

        Parameters:
            value (str) – The value to match file events on.

    classmethod is_in(value_list)
        Returns a FilterGroup to find events where the filter is in the provided value_list.

        Parameters:
            value_list (list) – The list of values to match file events on.

    classmethod not_eq(value)
        Returns a FilterGroup to find events where the filter is not equal to the provided value.

        Parameters:
            value (str) – The value to exclude file events on.

    classmethod not_in(value_list)
        Returns a FilterGroup to find events where the filter is not in the provided value_list.

        Parameters:
            value_list (list) – The list of values to exclude file events on.
class py42.sdk.queries.alerts.filters.alert_filter.RuleName
    Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

    Class that filters alerts based on rule name.

    classmethod eq(value)
        Returns a FilterGroup to find events where the filter equals the provided value.

        Parameters:
            value (str) – The value to match file events on.

    classmethod is_in(value_list)
        Returns a FilterGroup to find events where the filter is in the provided value_list.

        Parameters:
            value_list (list) – The list of values to match file events on.

    classmethod not_eq(value)
        Returns a FilterGroup to find events where the filter is not equal to the provided value.

        Parameters:
            value (str) – The value to exclude file events on.

    classmethod not_in(value_list)
        Returns a FilterGroup to find events where the filter is not in the provided value_list.

        Parameters:
            value_list (list) – The list of values to exclude file events on.
class py42.sdk.queries.alerts.filters.alert_filter.Description
    Bases: py42.sdk.queries.alerts.filters.alert_filter.AlertQueryFilterStringField

    Class that filters alerts based on rule description text.

    classmethod eq(value)
        Returns a FilterGroup to find events where the filter equals the provided value.

        Parameters:
            value (str) – The value to match file events on.

    classmethod is_in(value_list)
        Returns a FilterGroup to find events where the filter is in the provided value_list.

        Parameters:
            value_list (list) – The list of values to match file events on.

    classmethod not_eq(value)
        Returns a FilterGroup to find events where the filter is not equal to the provided value.

        Parameters:
            value (str) – The value to exclude file events on.

    classmethod not_in(value_list)
        Returns a FilterGroup to find events where the filter is not in the provided value_list.

        Parameters:
            value_list (list) – The list of values to exclude file events on.
class py42.sdk.queries.alerts.filters.alert_filter.Severity
    Bases: py42.sdk.queries.query_filter.QueryFilterStringField

    Class that filters alerts based on severity.

    Available options are:
        Severity.HIGH
        Severity.MEDIUM
        Severity.LOW

    classmethod eq(value)
        Returns a FilterGroup to find events where the filter equals the provided value.

        Parameters:
            value (str) – The value to match file events on.

    classmethod is_in(value_list)
        Returns a FilterGroup to find events where the filter is in the provided value_list.

        Parameters:
            value_list (list) – The list of values to match file events on.

    classmethod not_eq(value)
        Returns a FilterGroup to find events where the filter is not equal to the provided value.

        Parameters:
            value (str) – The value to exclude file events on.

    classmethod not_in(value_list)
        Returns a FilterGroup to find events where the filter is not in the provided value_list.

        Parameters:
            value_list (list) – The list of values to exclude file events on.
class
py42.sdk.queries.alerts.filters.alert_filter.
AlertState
¶ Bases:
py42.sdk.queries.query_filter.QueryFilterStringField
Class that filters alerts based on alert state.
- Available options are:
AlertState.OPEN
AlertState.DISMISSED
-
classmethod
eq
(value)¶ Returns a
FilterGroup
to find events where the filter equals the providedvalue
.- Parameters
value (str) – The value to match file events on.
-
classmethod
is_in
(value_list)¶ Returns a
FilterGroup
to find events where the filter is in the providedvalue_list
.- Parameters
value_list (list) – The list of values to match file events on.
-
classmethod
not_eq
(value)¶ Returns a
FilterGroup
to find events where the filter is not equal to the providedvalue
.- Parameters
value (str) – The value to exclude file events on.
-
classmethod
not_in
(value_list)¶ Returns a
FilterGroup
to find events where the filter is not in the providedvalue_list
.- Parameters
value_list (list) – The list of values to exclude file events on.